From fe49fccf91a962b60f6c4131d76519a07662ac1e Mon Sep 17 00:00:00 2001 From: derailed Date: Tue, 4 Jun 2019 10:54:18 -0600 Subject: [PATCH] fix lost allnamespace --- change_logs/release_0.7.5.md | 2 +- internal/k8s/api.go | 2 +- internal/watch/informer.go | 16 +++++++++++----- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/change_logs/release_0.7.5.md b/change_logs/release_0.7.5.md index 962c20a6..f50ba1df 100644 --- a/change_logs/release_0.7.5.md +++ b/change_logs/release_0.7.5.md @@ -12,7 +12,7 @@ Also if you dig this tool, please make some noise on social! [@kitesurfer](https ## Change Logs -Rats, looks like 0.7.4 is a dud! Sorry my fault, feeling burned out... +Rats, looks like 0.7.4 is a dud! Sorry my fault, feeling burned out ;( Please ugrade to 0.7.5. Thank you for your patience and support! --- diff --git a/internal/k8s/api.go b/internal/k8s/api.go index e0d6b9e0..80e16744 100644 --- a/internal/k8s/api.go +++ b/internal/k8s/api.go @@ -120,7 +120,7 @@ func (a *APIClient) CanIAccess(ns, name, resURL string, verbs []string) (bool, e log.Warn().Err(err).Msgf("CanIAccess") return false, err } - log.Debug().Msgf("CHECKING ACCESS res:%s-%q for NS: %q Verb: %s -> %t, %s", resURL, name, ns, v, resp.Status.Allowed, resp.Status.Reason) + log.Debug().Msgf("CHECKING ACCESS group:%q|resource:%q|namespace:%q|name:%q, verb:%s access:%t -- %s", gr.Group, gr.Resource, ns, name, v, resp.Status.Allowed, resp.Status.Reason) if !resp.Status.Allowed { return false, err } diff --git a/internal/watch/informer.go b/internal/watch/informer.go index 5a86c711..fafe3702 100644 --- a/internal/watch/informer.go +++ b/internal/watch/informer.go @@ -62,9 +62,13 @@ func NewInformer(client k8s.Connection, ns string) *Informer { log.Debug().Msgf(">> Starting Informer") i := Informer{client: client, informers: map[string]StoreInformer{}} - _, err := client.CanIAccess("", "", "namespaces", []string{"list", "watch"}) - if err != nil && ns == AllNamespaces { - log.Panic().Msg("Unauthorized: All namespaces. Missing verbs ['list', 'watch']. Please specify a namespace or correct RBAC") + nsAccess, err := client.CanIAccess("", "", "namespaces", []string{"list", "watch"}) + if ns == AllNamespaces && (err != nil || !nsAccess) { + user, _ := client.Config().CurrentUserName() + if err != nil { + log.Panic().Err(err).Msgf("Unauthorized: All namespaces. No access for user `%s", user) + } + log.Panic().Msgf("Unauthorized: All namespaces for user `%s. Missing verbs ['list', 'watch']. Please specify a namespace or correct RBAC", user) } // Namespace is locked in. check if user has auth for this ns access. @@ -93,7 +97,7 @@ func (i *Informer) init(ns string) { ContainerIndex: NewContainer(po), } - if acc, err := i.client.CanIAccess("", "", "nodes", []string{"list", "watch"}); acc && err != nil { + if acc, err := i.client.CanIAccess("", "", "nodes", []string{"list", "watch"}); acc && err == nil { i.informers[NodeIndex] = NewNode(i.client) } @@ -101,8 +105,10 @@ func (i *Informer) init(ns string) { return } - if acc, err := i.client.CanIAccess("", ns, "metrics.k8s.io", []string{"list", "watch"}); acc && err != nil { + if acc, err := i.client.CanIAccess(ns, "", "nodes.metrics.k8s.io", []string{"list", "watch"}); acc && err == nil { i.informers[NodeMXIndex] = NewNodeMetrics(i.client) + } + if acc, err := i.client.CanIAccess(ns, "", "pods.metrics.k8s.io", []string{"list", "watch"}); acc && err == nil { i.informers[PodMXIndex] = NewPodMetrics(i.client, ns) } })